Return a custom TlsStream rather than a ChannelBinding up front

Author: sfackler

codegen/src/sqlstate.rs

@@ -92,5 +92,6 @@ fn make_map(codes: &LinkedHashMap<String, Vec<String>>, file: &mut BufWriter<Fil
 #[rustfmt::skip]
 static SQLSTATE_MAP: phf::Map<&'static str, SqlState> = \n{};\n",
         builder.build()
-    ).unwrap();
+    )
+    .unwrap();
 }

postgres-native-tls/src/lib.rs

@@ -7,7 +7,7 @@
 //! use postgres_native_tls::MakeTlsConnector;
 //! use std::fs;
 //!
-//! # fn main() -> Result<(), Box<std::error::Error>> {
+//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! let cert = fs::read("database_cert.pem")?;
 //! let cert = Certificate::from_pem(&cert)?;
 //! let connector = TlsConnector::builder()
@@ -30,7 +30,7 @@
 //! use postgres_native_tls::MakeTlsConnector;
 //! use std::fs;
 //!
-//! # fn main() -> Result<(), Box<std::error::Error>> {
+//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! let cert = fs::read("database_cert.pem")?;
 //! let cert = Certificate::from_pem(&cert)?;
 //! let connector = TlsConnector::builder()
@@ -48,13 +48,16 @@
 #![doc(html_root_url = "https://docs.rs/postgres-native-tls/0.3")]
 #![warn(rust_2018_idioms, clippy::all, missing_docs)]
 
+use futures::task::Context;
+use futures::Poll;
 use std::future::Future;
+use std::io;
 use std::pin::Pin;
-use tokio_io::{AsyncRead, AsyncWrite};
+use tokio_io::{AsyncRead, AsyncWrite, Buf, BufMut};
+use tokio_postgres::tls;
 #[cfg(feature = "runtime")]
 use tokio_postgres::tls::MakeTlsConnect;
 use tokio_postgres::tls::{ChannelBinding, TlsConnect};
-use tokio_tls::TlsStream;
 
 #[cfg(test)]
 mod test;
@@ -111,20 +114,88 @@ where
     type Stream = TlsStream<S>;
     type Error = native_tls::Error;
     #[allow(clippy::type_complexity)]
-    type Future = Pin<
-        Box<dyn Future<Output = Result<(TlsStream<S>, ChannelBinding), native_tls::Error>> + Send>,
-    >;
+    type Future = Pin<Box<dyn Future<Output = Result<TlsStream<S>, native_tls::Error>> + Send>>;
 
     fn connect(self, stream: S) -> Self::Future {
         let future = async move {
             let stream = self.connector.connect(&self.domain, stream).await?;
 
-            // FIXME https://github.com/tokio-rs/tokio/issues/1383
-            let channel_binding = ChannelBinding::none();
-
-            Ok((stream, channel_binding))
+            Ok(TlsStream(stream))
         };
 
         Box::pin(future)
     }
 }
+
+/// The stream returned by `TlsConnector`.
+pub struct TlsStream<S>(tokio_tls::TlsStream<S>);
+
+impl<S> AsyncRead for TlsStream<S>
+where
+    S: AsyncRead + AsyncWrite + Unpin,
+{
+    unsafe fn prepare_uninitialized_buffer(&self, buf: &mut [u8]) -> bool {
+        self.0.prepare_uninitialized_buffer(buf)
+    }
+
+    fn poll_read(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut [u8],
+    ) -> Poll<io::Result<usize>> {
+        Pin::new(&mut self.0).poll_read(cx, buf)
+    }
+
+    fn poll_read_buf<B: BufMut>(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut B,
+    ) -> Poll<io::Result<usize>>
+    where
+        Self: Sized,
+    {
+        Pin::new(&mut self.0).poll_read_buf(cx, buf)
+    }
+}
+
+impl<S> AsyncWrite for TlsStream<S>
+where
+    S: AsyncRead + AsyncWrite + Unpin,
+{
+    fn poll_write(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &[u8],
+    ) -> Poll<io::Result<usize>> {
+        Pin::new(&mut self.0).poll_write(cx, buf)
+    }
+
+    fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.0).poll_flush(cx)
+    }
+
+    fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.0).poll_shutdown(cx)
+    }
+
+    fn poll_write_buf<B: Buf>(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut B,
+    ) -> Poll<io::Result<usize>>
+    where
+        Self: Sized,
+    {
+        Pin::new(&mut self.0).poll_write_buf(cx, buf)
+    }
+}
+
+impl<S> tls::TlsStream for TlsStream<S>
+where
+    S: AsyncRead + AsyncWrite + Unpin,
+{
+    fn channel_binding(&self) -> ChannelBinding {
+        // FIXME https://github.com/tokio-rs/tokio/issues/1383
+        ChannelBinding::none()
+    }
+}

postgres-openssl/src/lib.rs

@@ -6,7 +6,7 @@
 //! use openssl::ssl::{SslConnector, SslMethod};
 //! use postgres_openssl::MakeTlsConnector;
 //!
-//! # fn main() -> Result<(), Box<std::error::Error>> {
+//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! let mut builder = SslConnector::builder(SslMethod::tls())?;
 //! builder.set_ca_file("database_cert.pem")?;
 //! let connector = MakeTlsConnector::new(builder.build());
@@ -25,7 +25,7 @@
 //! use openssl::ssl::{SslConnector, SslMethod};
 //! use postgres_openssl::MakeTlsConnector;
 //!
-//! # fn main() -> Result<(), Box<std::error::Error>> {
+//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! let mut builder = SslConnector::builder(SslMethod::tls())?;
 //! builder.set_ca_file("database_cert.pem")?;
 //! let connector = MakeTlsConnector::new(builder.build());
@@ -42,6 +42,8 @@
 #![doc(html_root_url = "https://docs.rs/postgres-openssl/0.3")]
 #![warn(rust_2018_idioms, clippy::all, missing_docs)]
 
+use futures::task::Context;
+use futures::Poll;
 #[cfg(feature = "runtime")]
 use openssl::error::ErrorStack;
 use openssl::hash::MessageDigest;
@@ -51,11 +53,13 @@ use openssl::ssl::SslConnector;
 use openssl::ssl::{ConnectConfiguration, SslRef};
 use std::fmt::Debug;
 use std::future::Future;
+use std::io;
 use std::pin::Pin;
 #[cfg(feature = "runtime")]
 use std::sync::Arc;
-use tokio_io::{AsyncRead, AsyncWrite};
+use tokio_io::{AsyncRead, AsyncWrite, Buf, BufMut};
 use tokio_openssl::{HandshakeError, SslStream};
+use tokio_postgres::tls;
 #[cfg(feature = "runtime")]
 use tokio_postgres::tls::MakeTlsConnect;
 use tokio_postgres::tls::{ChannelBinding, TlsConnect};
@@ -99,7 +103,7 @@ impl<S> MakeTlsConnect<S> for MakeTlsConnector
 where
     S: AsyncRead + AsyncWrite + Unpin + Debug + 'static + Sync + Send,
 {
-    type Stream = SslStream<S>;
+    type Stream = TlsStream<S>;
     type TlsConnect = TlsConnector;
     type Error = ErrorStack;
 
@@ -130,29 +134,96 @@ impl<S> TlsConnect<S> for TlsConnector
 where
     S: AsyncRead + AsyncWrite + Unpin + Debug + 'static + Sync + Send,
 {
-    type Stream = SslStream<S>;
+    type Stream = TlsStream<S>;
     type Error = HandshakeError<S>;
     #[allow(clippy::type_complexity)]
-    type Future = Pin<
-        Box<dyn Future<Output = Result<(SslStream<S>, ChannelBinding), HandshakeError<S>>> + Send>,
-    >;
+    type Future = Pin<Box<dyn Future<Output = Result<TlsStream<S>, HandshakeError<S>>> + Send>>;
 
     fn connect(self, stream: S) -> Self::Future {
         let future = async move {
             let stream = tokio_openssl::connect(self.ssl, &self.domain, stream).await?;
-
-            let channel_binding = match tls_server_end_point(stream.ssl()) {
-                Some(buf) => ChannelBinding::tls_server_end_point(buf),
-                None => ChannelBinding::none(),
-            };
-
-            Ok((stream, channel_binding))
+            Ok(TlsStream(stream))
         };
 
         Box::pin(future)
     }
 }
 
+/// The stream returned by `TlsConnector`.
+pub struct TlsStream<S>(SslStream<S>);
+
+impl<S> AsyncRead for TlsStream<S>
+where
+    S: AsyncRead + AsyncWrite + Unpin,
+{
+    unsafe fn prepare_uninitialized_buffer(&self, buf: &mut [u8]) -> bool {
+        self.0.prepare_uninitialized_buffer(buf)
+    }
+
+    fn poll_read(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut [u8],
+    ) -> Poll<io::Result<usize>> {
+        Pin::new(&mut self.0).poll_read(cx, buf)
+    }
+
+    fn poll_read_buf<B: BufMut>(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut B,
+    ) -> Poll<io::Result<usize>>
+    where
+        Self: Sized,
+    {
+        Pin::new(&mut self.0).poll_read_buf(cx, buf)
+    }
+}
+
+impl<S> AsyncWrite for TlsStream<S>
+where
+    S: AsyncRead + AsyncWrite + Unpin,
+{
+    fn poll_write(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &[u8],
+    ) -> Poll<io::Result<usize>> {
+        Pin::new(&mut self.0).poll_write(cx, buf)
+    }
+
+    fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.0).poll_flush(cx)
+    }
+
+    fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
+        Pin::new(&mut self.0).poll_shutdown(cx)
+    }
+
+    fn poll_write_buf<B: Buf>(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut B,
+    ) -> Poll<io::Result<usize>>
+    where
+        Self: Sized,
+    {
+        Pin::new(&mut self.0).poll_write_buf(cx, buf)
+    }
+}
+
+impl<S> tls::TlsStream for TlsStream<S>
+where
+    S: AsyncRead + AsyncWrite + Unpin,
+{
+    fn channel_binding(&self) -> ChannelBinding {
+        match tls_server_end_point(self.0.ssl()) {
+            Some(buf) => ChannelBinding::tls_server_end_point(buf),
+            None => ChannelBinding::none(),
+        }
+    }
+}
+
 fn tls_server_end_point(ssl: &SslRef) -> Option<Vec<u8>> {
     let cert = ssl.peer_certificate()?;
     let algo_nid = cert.signature_algorithm().object().nid();

tokio-postgres/src/cancel_query_raw.rs

@@ -16,7 +16,7 @@ where
     S: AsyncRead + AsyncWrite + Unpin,
     T: TlsConnect<S>,
 {
-    let (mut stream, _) = connect_tls::connect_tls(stream, mode, tls).await?;
+    let mut stream = connect_tls::connect_tls(stream, mode, tls).await?;
 
     let mut buf = BytesMut::new();
     frontend::cancel_request(process_id, secret_key, &mut buf);

tokio-postgres/src/connect_raw.rs

@@ -2,7 +2,7 @@ use crate::codec::{BackendMessage, BackendMessages, FrontendMessage, PostgresCod
 use crate::config::{self, Config};
 use crate::connect_tls::connect_tls;
 use crate::maybe_tls_stream::MaybeTlsStream;
-use crate::tls::{ChannelBinding, TlsConnect};
+use crate::tls::{TlsConnect, TlsStream};
 use crate::{Client, Connection, Error};
 use bytes::BytesMut;
 use fallible_iterator::FallibleIterator;
@@ -86,15 +86,15 @@ where
     S: AsyncRead + AsyncWrite + Unpin,
     T: TlsConnect<S>,
 {
-    let (stream, channel_binding) = connect_tls(stream, config.ssl_mode, tls).await?;
+    let stream = connect_tls(stream, config.ssl_mode, tls).await?;
 
     let mut stream = StartupStream {
         inner: Framed::new(stream, PostgresCodec),
         buf: BackendMessages::empty(),
     };
 
     startup(&mut stream, config).await?;
-    authenticate(&mut stream, channel_binding, config).await?;
+    authenticate(&mut stream, config).await?;
     let (process_id, secret_key, parameters) = read_info(&mut stream).await?;
 
     let (sender, receiver) = mpsc::unbounded();
@@ -132,14 +132,10 @@ where
         .map_err(Error::io)
 }
 
-async fn authenticate<S, T>(
-    stream: &mut StartupStream<S, T>,
-    channel_binding: ChannelBinding,
-    config: &Config,
-) -> Result<(), Error>
+async fn authenticate<S, T>(stream: &mut StartupStream<S, T>, config: &Config) -> Result<(), Error>
 where
     S: AsyncRead + AsyncWrite + Unpin,
-    T: AsyncRead + AsyncWrite + Unpin,
+    T: TlsStream + Unpin,
 {
     match stream.try_next().await.map_err(Error::io)? {
         Some(Message::AuthenticationOk) => {
@@ -172,7 +168,7 @@ where
             authenticate_password(stream, output.as_bytes()).await?;
         }
         Some(Message::AuthenticationSasl(body)) => {
-            authenticate_sasl(stream, body, channel_binding, config).await?;
+            authenticate_sasl(stream, body, config).await?;
         }
         Some(Message::AuthenticationKerberosV5)
         | Some(Message::AuthenticationScmCredential)
@@ -225,12 +221,11 @@ where
 async fn authenticate_sasl<S, T>(
     stream: &mut StartupStream<S, T>,
     body: AuthenticationSaslBody,
-    channel_binding: ChannelBinding,
     config: &Config,
 ) -> Result<(), Error>
 where
     S: AsyncRead + AsyncWrite + Unpin,
-    T: AsyncRead + AsyncWrite + Unpin,
+    T: TlsStream + Unpin,
 {
     let password = config
         .password
@@ -248,7 +243,10 @@ where
         }
     }
 
-    let channel_binding = channel_binding
+    let channel_binding = stream
+        .inner
+        .get_ref()
+        .channel_binding()
         .tls_server_end_point
         .filter(|_| config.channel_binding != config::ChannelBinding::Disable)
         .map(sasl::ChannelBinding::tls_server_end_point);